555 Hitrust Jobs - Page 4

About The Role As an Experienced Staff Consultant, your responsibilities will include standard project execution and client service activities, focused on IT compliance assessments (e.g., SOC 2 and ISO engagements). You will have the opportunity to gain project experience with clients ranging from start-ups to enterprises, across a variety of industries. As an added benefit, A-LIGN does not require Delivery Consultants to report time or sell work! Reports to: Delivery Manager and/or Senior Manager Pay Classification: Full-Time Responsibilities Execute SOC 1, SOC 2, SOC 3, and other engagements, under the direction of a Senior Consultant and a member of the management team Create agendas Participate in client meetings and foster client relationships through proactive and positive communication Perform audit testing under the direction of a Senior Consultant or the management team Communicate effectively with the client, prior to, during, and post on-site visit Review the manager’s planning meeting minutes and prepare as appropriate for internal and external meetings Gather evidence and review Prepare lead sheets throughout the project Provide draft leadsheets to management for review within defined timelines Provide detailed project status reports weekly to management Organize client information on A-LIGN’s OneDrive Proactively communicate to management regarding any potential issues Travel occasionally to clients’ offices Experience Minimum Qualifications At least 1-3 years of experience in IT audit, preferably with the Big 4 or a mid-tier audit/consulting firm Knowledge of various IT compliance standards including SOC 2, ISO 27001, PCI Experience using Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Skills Ability to meet deadlines with a high degree of motivation Thrives in a fast-paced environment Ability to effectively multitask Ability to work individually as well as collaboratively Demonstrate capabilities with moderate supervision Ability to determine appropriateness of evidence provided by the client Strong interpersonal skills with a service-oriented mindset who can work well within a team as well as independently Must be detail oriented and organized in completing tasks Must be proactive, anticipate roadblocks, and offer solutions Ability to utilize the Microsoft Office suite including Word, Outlook, PowerPoint, and Excel Must have a sense of urgency around completing tasks and the order and priority of tasks based on business needs Strong composition, grammar, and business language skills Strong communication and interpersonal skills with the ability to effectively communicate with the management team and colleagues. Ability to work independently, set priorities and handle multiple tasks with a high level of efficiency About A-LIGN A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com Come Work for A-LIGN! Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn A-LIGN is an Equal Opportunity Employer! Minorities, women, disabled, and veterans encouraged to apply

>>Technical Skills Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, Privacy etc. Knowledge of technical domains such as Cloud security, VAPT, Application security, Risk and control assessment, Technology risk assessments, IT or OT compliance, Data privacy, and Network security Knowledge of concepts such as Shadow IT, Vendor risk, Country specific legal and regulatory requirements, outsourcing/ technology regulations, OWASP top 10 vulnerabilities, review of reports such as SOC, Penetration Test, Code Scan and Cloud compliance Strong GRC and Gap Assessment / Auditing, VAPT skills are desirable >>Soft Skills Strong problem solving and logical approach skills Excellent written and verbal communication skills Global client experience ability to manage stakeholders Consistent display of technical proficiency Ability to work well in teams and lead team when required Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example >>Certifications Industry certifications ISO-27001 Lead Auditor, CEH, OSCP, GIAC, CISA, CCSP, and any Cloud certifications >> QUALIFICATION BE/BTech/MBA Location – Gurgaon Experience – Associate Consultant, Consultant, – ( 5yrs – 6yrs only ) __

At NiCE, we don’t limit our challenges. We challenge our limits. Always. We’re ambitious. We’re game changers. And we play to win. We set the highest standards and execute beyond them. And if you’re like us, we can offer you the ultimate career opportunity that will light a fire within you. So, what’s the role all about? Senior Cloud Systems Engineer is responsible for supporting systems hosted in our Public and Private Cloud for Infrastructure Team. How will you make an impact? Be part of a cross-functional team which uses methodologies borrowed from DevOps to enable our partners across the organization to achieve success Build and improve DevOps tools and CI/CD processes Design, maintain, secure and support cloud infrastructure using infrastructure as code Design, maintain and support monitoring, alarming and scaling operations for cloud infrastructure Develop and maintain environment documentation Participate in a 24 x 7 on-call rotation schedule Familiar with ITIL Framework Have you got what it takes? At least 4 years of experience as a Cloud Engineer. AWS and Azure infrastructure automation using Terraform Automation of Linux (Red Hat/CentOS) and Windows Server using industry standard tools (Ansible, Salt, Puppet, etc.) Proven experience with AWS (including VPC, CloudFormation, ALB, NLB, Transit Gateway) Knowledge of scripting with Windows Power Shell or other current scripting languages Ability to work with development and operations teams, to achieve desired results, on common projects Proven analytical and problem-solving abilities Excellent attention to detail Strategic thinker and capable of learning new technologies quickly Very good communication with peers, subordinates and managers You will have an advantage if you also have Kubernetes Cluster infrastructure troubleshooting Administration of Ansible AWX/Red Hat Automation Platform Virtualization Experience a plus especially VMware Experience working in a secure, compliance driven environment (e.g. PCI/SOX/HiTrust/ISO) Certification in vendor or industry technologies, e.g. Microsoft, Linux, etc What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7848 Reporting into: Tech Manager Role Type: Individual Contributor About NiCE NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NiCE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions. Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries. NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.

| About us: Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians. Our platform is designed to foster healthier food choices, drive lasting behavior change, and deliver long-term health outcomes. Through our highly personalized, digital platform, we guide our 2.2 million members—including those in employer-sponsored health plans, regional and national Medicaid managed care organizations, Medicare Advantage plans, and commercial insurers—on a tailored journey to eating well while saving time and money. Foodsmart seamlessly integrates dietary assessments and nutrition counseling with online food ordering and cost-effective meal planning for the entire family, optimizing ingredients both at home and on the go. We partner with national and regional retailers across the U.S., many of whom accept SNAP/EBT, making healthier food more accessible. Additionally, we assist members with SNAP enrollment and management, providing tangible access to nutritious food. In 2024, Foodsmart secured a $200 million investment from TPG’s Rise Fund, which supports entrepreneurs dedicated to achieving the United Nations’ Sustainable Development Goals. This investment will help us expand our reach, particularly to low-income workers who are disproportionately affected by diet-related diseases. At Foodsmart, our mission is to make nutritious food accessible and affordable for everyone, regardless of economic status. We are committed to a set of core values that shape our culture and work environment: ⚖️ Measured: We make data-driven, truth-seeking decisions. 💥 Impactful: We are fueled by achieving our mission and vision. 🙏 Collaborative: We help each other be better and create a positive environment. 📈 Hungry: We maintain a healthy growth mindset, seeking to overcome challenges with courage. 😊 Joyful: We take joy in each other, our work, and the privilege of doing this work. Whether you're a dietitian, a commercial leader, or a technologist, working at Foodsmart means being part of a team that is passionate, supportive, and driven by a shared purpose. Join us in transforming the way people access and enjoy healthy food. | About the role: We are seeking a Sr. Detection & Response Engineer to support and enhance our ability to monitor, detect, and respond to security threats across the organization. This role is focused on hands-on technical execution and will play a critical part in safeguarding Foodsmart’s systems, data, employees, and customers. The ideal candidate will have strong foundational knowledge of Sr. Detection & Response Engineer, be comfortable working with modern security tools and platforms, and demonstrate a proactive approach to automation and process improvement. You will work alongside our security and engineering teams to ensure we maintain a robust and responsive security posture. You will: Participate in the team’s on-call rotation to conduct real-time monitoring of security events across Foodsmart’s infrastructure using SIEM tools. Continuously improve threat detection capabilities by fine-tuning alerts, building correlation rules, and integrating new data sources into monitoring systems. Act as the first line of defense during active incidents, lead containment, eradication, recovery efforts, and conduct root cause analysis. Administer and configure security tools including EDR, SASE, DLP, and SIEM Conduct periodic risk assessments on infrastructure, SaaS applications, endpoints, and third party integrations to identify gaps in security posture. Implement vulnerability management processes to ensure timely remediation of identified risks. Develop playbooks for common attack scenarios to ensure rapid response during incidents. Automate repetitive tasks by writing scripts workflow automation (e.g., Python) Partner with DevOps teams to enhance CI/CD pipeline security and enforce secure configurations for infrastructure-as-code (IaC). Work closely with IT teams to secure endpoints for remote employees and enforce strong identity access management policies (e.g., SSO, MFA) Support compliance initiatives (e.g., ISO27001, HIPAA, HITRUST CSF) You have: At least 5+ years of experience in information security, IT, and engineering roles with a proven track record of safeguarding critical systems in fast-paced environments. Hands-on experience with security tools including but not limited to SIEM platforms, SASE, Email Gateways, Browser Isolation, EDR/XDR solutions. Background as an incident response lead and detection engineer to support incident response function. Experience managing application and cloud security vulnerability and configuration management programs (e.g., CSPM, ASPM) Familiarity with scripting (e.g., Python) and no-code tools for workflow automation (e.g., Okta Workflows, Zapier). Knowledge of best practices in cloud based architecture (e.g., AWS, GCP)

Job Title Technical Account Manager Job Description Technical Account Manager As a Technical Account Manager, you will be driven to provide the best Customer Experience. You must own and drive the relationship with our client throughout their lifecycle with us, from onboarding new customers through existing account management. You will work mainly with internal clients and their experience with our Health Suite Digital Platform, focused on driving the best experience with our cloud operations. Your role: Be responsive, flexible and able to communicate effectively with our clients building a positive relationship with them. This is not always easy, but you will be passionate about the challenge. Demonstrate ability to integrate strong and clear business rationale into sound decision making. Be comfortable working across time zones and through ambiguity with the drive to find resolution. You must have a demonstrated ability to manage multiple complex projects and client portfolios. This includes developing and executing against comprehensive project plans while actively managing project risk. Have the technical acumen to understand HSDP services, educate and discuss the platform with our clients. Your technical ability will assist you in representing client needs and issues within HSDP. Possess the ability to work in a fast-paced environment with solid experience in change management. Possess a combination of well-rounded technical knowledge in Cloud technologies and of Application Operational Support. You will use this ability to facilitate and coordinate a diverse group of teams in support of our platform and clients across multiple business units, including product management, development, implementation/services, product support teams, as well as business functions such as contracts/legal, finance, and quality and regulatory. Possess an ability to effectively communicate status to all project sponsors and stakeholders, coordinate activities across teams and drive projects to successful completion on time and of high quality. Champion for the application of best practices and process innovation which meets business and customer goals and objectives while ensuring compliance with international and domestic quality. You're the right fit if: Bachelor’s degree and 10 + overall years of industry experience. 7+ years’ experience serving as an Account Manager or Client Manager. Must have technical experience specifically, cloud customer/client experience and worked with "As a Service" products (PaaS, SaaS, IaaS, etc). A self-driver to find answers for customers by working with the internal platform team and start the issue resolution process. Technical aptitude and familiarity with the design and utilization of complex systems, specifically an understanding of Cloud technologies and Operational Support for Platform as a Service (PaaS) and Software as a Service (SaaS). Proven ability to influence others, facilitate agreement among stakeholders with different interests. Demonstrated leadership skills, excellent written and verbal communication skills, ability to build relationships and effective organizational skills. Proven track record of complex and creative problem solving and the desire to create and build new processes. Possess excellent business judgment, strong written and oral communication skills, and a practical, common sense approach to getting things done. Desirable familiarity with ISO27001/27018, HIPAA and HiTrust. Desirable experience working with Scaled Agile. Project Management Professional (PMP) certified is a plus. How we work together: We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations. This role is an office-based role. About Philips: We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others. Learn more about our business. Discover our rich and exciting history. Learn more about our purpose. If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.

Join a team dedicated to supporting the crucial mission of improving health outcomes. At Merative, you can apply your skills – and grow new ones – with colleagues who have deep expertise in health and technology. Merative provides data, analytics and software for the health industry. Our clients include providers, health plans, employers, life sciences companies and governments around the world. With industry-leading products and focused innovation, we help customers improve decision-making and performance so that together, we drive real progress in health. Learn more at merative.com As IT Cybersecurity Engineer and member of the Chief Information Security Officer (CISO) organization you will support the security of the company products and infrastructure. You will use your knowledge of concepts, technology and tooling to ensure the security of the company’s and our client’s critical information. This will include participation in the maintenance and monitoring of security tooling, investigation of security incidents and support company and client audits. You will interface with the business and functional leaders in development, operations, information technology and other stakeholders to promote and support a secure environment. Essential Job Duties Provides technical leadership, advice, guidance and perform IT Cybersecurity related activities. Works under limited supervision and in conjunction with team members with the objective to ensure a secure and compliant environment. Manage day to day security tools such as Vulnerability Management, Data Loss Prevention, File Integrity Monitoring, Encryption, Key Management, Intrusion Detection, etc. Work with various technology teams to ensure tool sets used to detect infrastructure security issues are deployed on all necessary platforms. Research new security trend and provide recommendation to support increased security protection for our environment. Defines objective and implements complex solutions related to IT Cybersecurity. Accountable for project results, timing and productiveness in delivery activities. Provide technical expertise in Information Technology and on Security products with hands-on experience. Assist with data protection initiatives and other programs as necessary Participates in the internal and external audit program to demonstrate security procedures and tools to assure ongoing compliance. Participates in activities related to the corrective and preventive action process. Recognizes problems related to project objectives and applies sound judgement when addressing the issues. Independently generates solutions based on analytical skills and business knowledge. Pursues a program of self-development using selected reading, seminars, and participation in continuing education. Performs all duties and responsibilities as required by the company Security Policies and Procedures. Identifies and communicates possible improvements in the work process for customers and peers. Performs other duties as assigned by immediate supervisor or upper management Required Qualifications Bachelor’s degree in a scientific or technical discipline required 2+ years of technical, hands-on proficiency in multiple cybersecurity competencies (e.g. network security, systems security, application security, security operations) 2+ years’ experience performing security technical testing or technical controls validation including documentation of testing methods and results Knowledge and experience implemented Vulnerability Management process to include configuration and scanning, reporting, and the remediation process Defender Endpoint Detection and Response knowledge and experience Knowledge of security controls related to infrastructure technology including enterprise storage (NAS/SANS), Windows and Linux Operation systems, ESX VMware, etc Knowledge using SIEM products (e.g., Splunk, Sumo Logic) to collect data and investigate anomalies Microsoft 365 Office Message Encryption (OME) knowledge and experience Experience in Security administration of cloud (Azure security) Knowledge of security standards and controls (e.g., NIST, CIS etc) Proactive awareness of emerging cybersecurity threats and technologies Detail oriented with strong verbal and presentation skill Demonstrated proficiency with executive level presentations and status reporting Excellent interpersonal, communication, and negotiation skills Effective research and analytical skills Effective written and oral communication, technical writing and editing skills Ability to work independently with minimal supervision Preferred: Security related certification (i.e. Security+, CISSP, GIAC, etc) Experience implementing security controls to meet requirements of various security and privacy related standards and regulations such as SOC I/II, ISO 2700x, HIPAA, GDPR, HITRUST, etc It is the policy of Merative to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, HIV status, or any other characteristic protected by federal, state or local law. In addition, Merative will provide reasonable accommodations for qualified individuals with disabilities.

Job Summary AVP Digital Trust will be responsible for end-to-end ownership of all service engagements for Indian clients. This is a leadership role that will report to the VP – Business Head, India, and work closely with global delivery leaders, senior practice heads, and cross-functional teams such as Sales, Pre-Sales, and Account Management. The AVP will lead a dedicated delivery team and will be instrumental in establishing a robust, scalable, and India-specific delivery framework aligned with the global standards. This includes implementing efficient processes, ensuring compliance with relevant regulatory frameworks, maintaining high service quality, and proactively identifying opportunities to improve delivery effectiveness and margins. The role will shape strategy and lead both advisory and implementation engagements for clients. Beyond operational excellence, the role demands strong client engagement capabilities. The AVP will act as a senior representative in front of clients, responsible not only for delivery satisfaction but also for building long-term relationships, gathering market intelligence, and identifying upsell/cross-sell opportunities during and post-delivery. This is a high-impact role requiring a blend of technical expertise in cybersecurity frameworks, strong leadership and operational management skills, and the ability to deliver business outcomes in a fast-evolving and competitive landscape. The ideal candidate will be a certified ISO Lead Auditor or a PCI QSA, or a certified HiTrust professional with a proven track record in managing and scaling delivery teams in the cybersecurity domain. Key Responsibilities, Deliverables / Outcomes 1. Revenue Identify market needs and design service offerings to address them. Help in business development efforts— by providing timely efforts for proposals, help in RFP responses, pre sales engagement with potential clients. Identify and influence upsell opportunities during delivery lifecycle through strong client relationships. 2. Client Engagement & Advisory Delivery Serve as a senior point of contact for India clients to review engagement performance, gather feedback, and understand evolving needs. Lead monthly/quarterly delivery reviews and maintain strong working relationships with client stakeholders. Actively seek and document client feedback for internal process improvements and innovation. Deliver tailored, value-driven solutions while managing expectations, timelines, and budgets effectively. Engage in Client Meetings & Interactions to identity New prospects, relationship building & gathering market intelligence and feedback on services provided. By demonstrating service excellence and delivery effectiveness, support renewal discussions. 3. Practice Delivery Own delivery governance and accountability for all engagements in India. Establish delivery processes tailored for Indian clients, in alignment with global delivery standards. Develop and Document Delivery frameworks, documents, tools, and methodologies to enhance consistency and excellence. Track delivery metrics: on-time completion, CSAT/NPS, quality, and effort variances. Ensure adoption and compliance with relevant cybersecurity standards and frameworks (e.g., ISO 27001, PCI DSS, HIPAA, DPDPA, NIST). Identify and implement means to reduce and streamline efforts using technology. Use insights to drive continuous service improvement and connect performance to strategic outcomes 4. Leadership & Capability Development Build, mentor, and manage the India Delivery Team Define the team's short- and long-term objectives aligned with India growth strategy. Act as a bridge between India delivery and global delivery leaders to ensure knowledge-sharing, training alignment, and unified service methodology. Innovate service offerings and develop intellectual capital—thought leadership content, whitepaper, blogs, case studies, best practices, and methodologies. Ensuring skill enhancement within the function by adding more certifications among the team members. 5. Operations Management Implement and manage delivery dashboards, MIS, and reporting tools to track performance and resource utilization. Optimize resource allocation across engagements to improve delivery efficiency and gross margins. Performance tracking using Balanced Scorecard that tracks key metrics like new business wins, client satisfaction (e.g., NPS), delivery timelines, and team learning & growth. Timely adherence to PMS initiatives like Timesheet, Bi-Weekly reviews etc 6. Stakeholder Management & Market Expansion Build trusted relationships with client leadership and internal executive stakeholders. Partner with internal functions (e.g., sales, marketing) to drive cross-selling and define new markets or clients. Key Skills Cybersecurity & Compliance Expertise – Deep understanding of standards and frameworks such as ISO 27001, PCI DSS, HIPAA, NIST, and DPDPA. Certification as ISO Lead Auditor, PCI QSA, or HiTrust is mandatory. Project & Program Management – Proven ability to lead complex cybersecurity projects with multiple stakeholders and high service-level expectations. Delivery Governance & Process Design – Experience in building delivery frameworks, SOPs, and quality assurance mechanisms tailored to regional markets. Team Building & Capability Development – Skilled in hiring, mentoring, and driving certification and career growth for delivery professionals. Conceptual Knowledge - Working knowledge data classification frameworks & concepts, cloud security concepts and cloud platforms, Network Defense concepts & tools Key Competencies Judgment/Decision Making Organization/Planning Assertiveness Motivational Ability Accountability

Job Summary AVP Digital Trust will be responsible for end-to-end ownership of all service engagements for Indian clients. This is a leadership role that will report to the VP – Business Head, India, and work closely with global delivery leaders, senior practice heads, and cross-functional teams such as Sales, Pre-Sales, and Account Management. The AVP will lead a dedicated delivery team and will be instrumental in establishing a robust, scalable, and India-specific delivery framework aligned with the global standards. This includes implementing efficient processes, ensuring compliance with relevant regulatory frameworks, maintaining high service quality, and proactively identifying opportunities to improve delivery effectiveness and margins. The role will shape strategy and lead both advisory and implementation engagements for clients. Beyond operational excellence, the role demands strong client engagement capabilities. The AVP will act as a senior representative in front of clients, responsible not only for delivery satisfaction but also for building long-term relationships, gathering market intelligence, and identifying upsell/cross-sell opportunities during and post-delivery. This is a high-impact role requiring a blend of technical expertise in cybersecurity frameworks, strong leadership and operational management skills, and the ability to deliver business outcomes in a fast-evolving and competitive landscape. The ideal candidate will be a certified ISO Lead Auditor or a PCI QSA, or a certified HiTrust professional with a proven track record in managing and scaling delivery teams in the cybersecurity domain. Key Responsibilities, Deliverables / Outcomes 1. Revenue Identify market needs and design service offerings to address them. Help in business development efforts— by providing timely efforts for proposals, help in RFP responses, pre sales engagement with potential clients. Identify and influence upsell opportunities during delivery lifecycle through strong client relationships. 2. Client Engagement & Advisory Delivery Serve as a senior point of contact for India clients to review engagement performance, gather feedback, and understand evolving needs. Lead monthly/quarterly delivery reviews and maintain strong working relationships with client stakeholders. Actively seek and document client feedback for internal process improvements and innovation. Deliver tailored, value-driven solutions while managing expectations, timelines, and budgets effectively. Engage in Client Meetings & Interactions to identity New prospects, relationship building & gathering market intelligence and feedback on services provided. By demonstrating service excellence and delivery effectiveness, support renewal discussions. 3. Practice Delivery Own delivery governance and accountability for all engagements in India. Establish delivery processes tailored for Indian clients, in alignment with global delivery standards. Develop and Document Delivery frameworks, documents, tools, and methodologies to enhance consistency and excellence. Track delivery metrics: on-time completion, CSAT/NPS, quality, and effort variances. Ensure adoption and compliance with relevant cybersecurity standards and frameworks (e.g., ISO 27001, PCI DSS, HIPAA, DPDPA, NIST). Identify and implement means to reduce and streamline efforts using technology. Use insights to drive continuous service improvement and connect performance to strategic outcomes 4. Leadership & Capability Development Build, mentor, and manage the India Delivery Team Define the team’s short- and long-term objectives aligned with India growth strategy. Act as a bridge between India delivery and global delivery leaders to ensure knowledge-sharing, training alignment, and unified service methodology. Innovate service offerings and develop intellectual capital—thought leadership content, whitepaper, blogs, case studies, best practices, and methodologies. Ensuring skill enhancement within the function by adding more certifications among the team members. 5. Operations Management Implement and manage delivery dashboards, MIS, and reporting tools to track performance and resource utilization. Optimize resource allocation across engagements to improve delivery efficiency and gross margins. Performance tracking using Balanced Scorecard that tracks key metrics like new business wins, client satisfaction (e.g., NPS), delivery timelines, and team learning & growth. Timely adherence to PMS initiatives like Timesheet, Bi-Weekly reviews etc 6. Stakeholder Management & Market Expansion Build trusted relationships with client leadership and internal executive stakeholders. Partner with internal functions (e.g., sales, marketing) to drive cross-selling and define new markets or clients. Key Skills Cybersecurity & Compliance Expertise – Deep understanding of standards and frameworks such as ISO 27001, PCI DSS, HIPAA, NIST, and DPDPA. Certification as ISO Lead Auditor, PCI QSA, or HiTrust is mandatory. Project & Program Management – Proven ability to lead complex cybersecurity projects with multiple stakeholders and high service-level expectations. Delivery Governance & Process Design – Experience in building delivery frameworks, SOPs, and quality assurance mechanisms tailored to regional markets. Team Building & Capability Development – Skilled in hiring, mentoring, and driving certification and career growth for delivery professionals. Conceptual Knowledge - Working knowledge data classification frameworks & concepts, cloud security concepts and cloud platforms, Network Defense concepts & tools Key Competencies Judgment/Decision Making Organization/Planning Assertiveness Motivational Ability Accountability

Key Responsibilities Lead and execute HITRUST (e1, i1, r2) assessments and audits: Conduct control testing and evidence validation. Review client-prepared documentation for adequacy and effectiveness. Evaluate business processes and control requirements. Prepare and maintain HITRUST workpapers and related documentation in line with required methodologies. Create gap remediation action plans and provide consultative guidance to clients on addressing identified control weaknesses. Deliver SOC 2 assessments (readiness or attestation support), including testing of controls and preparing required documentation. Draft detailed reports, including assessment findings, observations, and recommendations; present results to client stakeholders. Work collaboratively with clients to ensure engagement success, proactively addressing questions, concerns, and opportunities for improvement. Manage multiple concurrent projects while adhering to timelines and deliverable schedules. Assist clients with internal and external audit readiness and corrective action implementation. Facilitate workshops, security awareness sessions, and management reviews as needed. Stay updated on HITRUST, SOC 2, ISO 27001, and regional regulatory requirements, providing advisory support based on emerging industry trends. Willingness to adjust working hours to align with client time zones (IND/US/EU) as required by project engagements Deliverables and Outcomes Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria). Strong knowledge of ISO 27001:2022 and ISO 27002 controls, ISO 31000 (risk management), and related frameworks. Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws. Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements. Understanding of information security principles (CIA) and their application in enterprise environments. Working knowledge of cloud security and common platforms (Azure, AWS, GCP). Exposure to security operations and GRC tools. Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders. Key Skills Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria). Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws. Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements. Understanding of information security principles (CIA) and their application in enterprise environments. Working knowledge of cloud security and common platforms (Azure, AWS, GCP). Exposure to security operations and GRC tools. Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders. Competencies Analysis Skills Independence Customer Focus Communications- Oral & written Persuasion Adaptability to Change

JOB DESCRIPTION: Position: Full stack developer Location : Visakapatnam Job Type: Fulltime Key Responsibilities Microservices Development: Design, develop, and deploy scalable microservices (e.g., Device Ingestion, EMR Adapter, Identity Federation) using Docker/Kubernetes. Implement event-driven architecture and API standards (OpenAPI/AsyncAPI). Frontend & Mobile Development: Modernize UI/UX with React, ensuring WCAG 2.1 AA compliance. Develop Progressive Web Apps (PWAs) and native mobile applications. Healthcare Integration: Build HIPAA-compliant integrations with EMRs (Epic, Cerner), medical devices, and real-time transcription services. Optimize medical vocabulary processing (ICD-10, SNOMED). DevOps & Security: Implement CI/CD pipelines (GitHub, Terraform) with automated testing (100% unit test coverage). Ensure security via Mend.io, Trend Micro, and OWASP compliance. Collaboration: Work in a hybrid team, adhering to Agile practices and clean-room development standards. Document code comprehensively and participate in architecture reviews. Required Skills & Experience Technical Expertise: Proficiency in React, Node.js/Python, and microservices architecture. Cloud platforms (AWS/Azure/GCP) and IaC tools (Terraform, Massdriver.cloud). Real-time systems (WebRTC, WebSockets) and healthcare standards (HL7, FHIR). Compliance: Knowledge of HIPAA, HITRUST, SOC 2, and secure coding practices. Soft Skills: Strong communication, self-management, and Agile mindset. Job Type: Full-time Pay: ₹70,000.00 - ₹80,000.00 per year Application Question(s): How many years of experience do you have as a full stack developer? a)5 years b)5+ years Do you have experience working on react Js and node Js? a)Yes b)No Do you have experience working with healthcare domain ? a)Yes b)No Are you interested to relocate to visakhapatnam? a)Yes b)No Can you start immediately for this role? a)Yes b)No Work Location: In person

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities: · Strong understanding of IT General Controls domains such as Change Management, User Access Management, IT Operations, Back and Recovery Management etc · Strong understanding of the third-party risk management · Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc · Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle · Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts · Should understand complete assessment lifecycle from assessment scoping to project deliverables · Great communication skills and the ability to break down and explain complex data security problems · Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education: · Minimum Qualification: BE/ BTech/MBA/Mtech/MCA · Postgraduates in any stream would be preferred (not mandatory) · Prior Big 4 experience would be an added advantage · Experience in IT Risk Advisory/ Assurance for varied industry segments preferred · Excellent communication skills - both written and oral Certifications: · CIA/CISA/CISM will be added advantage Mandatory skill sets: ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Preferred skill sets: ISO 27001 Reviews, HIPAA/ HITRUST Reviews Years of experience required: 2-8 years Education qualification: BE, B.tech, ME, M.tech, MCA, MBA, Mcom, CA, CS Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master Degree, Bachelor of Engineering, Bachelor of Technology, Master of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Information Technology General Controls (ITGC) Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Available for Work Visa Sponsorship? Government Clearance Required? Job Posting End Date

Sr Cyber Governance Analyst Job Summary: Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries. Responsibilities: Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR). Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood. Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts. Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity. Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success. Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables. Continuously look to optimize processes, technology and capabilities through tactical and strategic development. Other duties as assigned. Knowledge and Skills: Strong analytical skills; Demonstration of ability to solve problems using best practices and systematic approach Relationship builder; able to create and maintain a trusted network on all levels; Good communication, influencing and negotiating skills; Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff; Project management and organizational skills; Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor. Required Experience: 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks. Preferred Experience: Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment. Understanding of attack vectors and methodologies. Ability to weigh business risks and enforce appropriate information security measures. CISSP, CISM, CISA, CCSA or equivalent certification preferred. Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate. GHX: It&aposs the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, GHX) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHXs employees to perform their expected job duties is absolutely not tolerated. Read our GHX Privacy Policy Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Manager Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes forour clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences foreach other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Location: Mumbai Department: Risk Consulting Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities: Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels. Mandatory Skill Sets: ITGC Preferred Skill Sets: ITAC Years of experience required: 4 years Education Qualification: -BE/ BTech Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantage B.Tech/MBA Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Master of Business Administration Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Coaching and Feedback, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting + 29 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes forour clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences foreach other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firms growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " JOB DESCRIPTION ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Purpose of the Job /Role Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities: Strong understanding of IT General Controls domains such as Change Management ,User Access Management, IT Operations, Back and Recovery Management etc Strong understanding of the third-party risk management Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts Should understand complete assessment lifecycle from assessment scoping to project deliverables Great communication skills and the ability to break down and explain complex data security problems Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education Mandatory Skill Sets: IT Audit Preferred Skill Sets: ITAC Years of experience required: 4 years Education Qualification: BE/ BTech, Postgraduates in any stream would be preferred (not mandatory) Prior Big 4 experience would be an added advantage Experience in IT Risk Advisory/ Assurance for varied industry segments preferred Excellent communication skills - both written and oral Certifications: CIA/CISA/CISM will be added advantage Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master of Business Administration, Bachelor of Technology Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills ITGC Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit + 24 more Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship No Government Clearance Required No Job Posting End Date Show more Show less

Job Summary AVP Digital Trust will be responsible for end-to-end ownership of all service engagements for Indian clients. This is a leadership role that will report to the VP â Business Head, India, and work closely with global delivery leaders, senior practice heads, and cross-functional teams such as Sales, Pre-Sales, and Account Management. The AVP will lead a dedicated delivery team and will be instrumental in establishing a robust, scalable, and India-specific delivery framework aligned with the global standards. This includes implementing efficient processes, ensuring compliance with relevant regulatory frameworks, maintaining high service quality, and proactively identifying opportunities to improve delivery effectiveness and margins. The role will shape strategy and lead both advisory and implementation engagements for clients. Beyond operational excellence, the role demands strong client engagement capabilities. The AVP will act as a senior representative in front of clients, responsible not only for delivery satisfaction but also for building long-term relationships, gathering market intelligence, and identifying upsell/cross-sell opportunities during and post-delivery. This is a high-impact role requiring a blend of technical expertise in cybersecurity frameworks, strong leadership and operational management skills, and the ability to deliver business outcomes in a fast-evolving and competitive landscape. The ideal candidate will be a certified ISO Lead Auditor or a PCI QSA, or a certified HiTrust professional with a proven track record in managing and scaling delivery teams in the cybersecurity domain. Key Responsibilities, Deliverables / Outcomes Revenue Identify market needs and design service offerings to address them. Help in business development effortsâ by providing timely efforts for proposals, help in RFP responses, pre sales engagement with potential clients. Identify and influence upsell opportunities during delivery lifecycle through strong client relationships. Client Engagement & Advisory Delivery Serve as a senior point of contact for India clients to review engagement performance, gather feedback, and understand evolving needs. Lead monthly/quarterly delivery reviews and maintain strong working relationships with client stakeholders. Actively seek and document client feedback for internal process improvements and innovation. Deliver tailored, value-driven solutions while managing expectations, timelines, and budgets effectively. Engage in Client Meetings & Interactions to identity New prospects, relationship building & gathering market intelligence and feedback on services provided. By demonstrating service excellence and delivery effectiveness, support renewal discussions. Practice Delivery Own delivery governance and accountability for all engagements in India. Establish delivery processes tailored for Indian clients, in alignment with global delivery standards. Develop and Document Delivery frameworks, documents, tools, and methodologies to enhance consistency and excellence. Track delivery metrics: on-time completion, CSAT/NPS, quality, and effort variances. Ensure adoption and compliance with relevant cybersecurity standards and frameworks (e.g., ISO 27001, PCI DSS, HIPAA, DPDPA, NIST). Identify and implement means to reduce and streamline efforts using technology. Use insights to drive continuous service improvement and connect performance to strategic outcomes Leadership & Capability Development Build, mentor, and manage the India Delivery Team Define the team's short- and long-term objectives aligned with India growth strategy. Act as a bridge between India delivery and global delivery leaders to ensure knowledge-sharing, training alignment, and unified service methodology. Innovate service offerings and develop intellectual capitalâthought leadership content, whitepaper, blogs, case studies, best practices, and methodologies. Ensuring skill enhancement within the function by adding more certifications among the team members. Operations Management Implement and manage delivery dashboards, MIS, and reporting tools to track performance and resource utilization. Optimize resource allocation across engagements to improve delivery efficiency and gross margins. Performance tracking using Balanced Scorecard that tracks key metrics like new business wins, client satisfaction (e.g., NPS), delivery timelines, and team learning & growth. Timely adherence to PMS initiatives like Timesheet, Bi-Weekly reviews etc Stakeholder Management & Market Expansion Build trusted relationships with client leadership and internal executive stakeholders. Partner with internal functions (e.g., sales, marketing) to drive cross-selling and define new markets or clients. Key Skills Cybersecurity & Compliance Expertise â Deep understanding of standards and frameworks such as ISO 27001, PCI DSS, HIPAA, NIST, and DPDPA. Certification as ISO Lead Auditor, PCI QSA, or HiTrust is mandatory. Project & Program Management â Proven ability to lead complex cybersecurity projects with multiple stakeholders and high service-level expectations. Delivery Governance & Process Design â Experience in building delivery frameworks, SOPs, and quality assurance mechanisms tailored to regional markets. Team Building & Capability Development â Skilled in hiring, mentoring, and driving certification and career growth for delivery professionals. Conceptual Knowledge - Working knowledge data classification frameworks & concepts, cloud security concepts and cloud platforms, Network Defense concepts & tools Key Competencies Judgment/Decision Making Organization/Planning Assertiveness Motivational Ability Accountability

Key Responsibilities Lead and execute HITRUST (e1, i1, r2) assessments and audits: Conduct control testing and evidence validation. Review client-prepared documentation for adequacy and effectiveness. Evaluate business processes and control requirements. Prepare and maintain HITRUST workpapers and related documentation in line with required methodologies. Create gap remediation action plans and provide consultative guidance to clients on addressing identified control weaknesses. Deliver SOC 2 assessments (readiness or attestation support), including testing of controls and preparing required documentation. Draft detailed reports, including assessment findings, observations, and recommendations; present results to client stakeholders. Work collaboratively with clients to ensure engagement success, proactively addressing questions, concerns, and opportunities for improvement. Manage multiple concurrent projects while adhering to timelines and deliverable schedules. Assist clients with internal and external audit readiness and corrective action implementation. Facilitate workshops, security awareness sessions, and management reviews as needed. Stay updated on HITRUST, SOC 2, ISO 27001, and regional regulatory requirements, providing advisory support based on emerging industry trends. Willingness to adjust working hours to align with client time zones (IND/US/EU) as required by project engagements Deliverables and Outcomes Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria). Strong knowledge of ISO 27001:2022 and ISO 27002 controls, ISO 31000 (risk management), and related frameworks. Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws. Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements. Understanding of information security principles (CIA) and their application in enterprise environments. Working knowledge of cloud security and common platforms (Azure, AWS, GCP). Exposure to security operations and GRC tools. Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders. Key Skills Hands-on experience with HITRUST CSF assessments (e1, i1, r2) and/or SOC 2 (Trust Services Criteria). Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Familiarity with regulatory environments such as HIPAA, GDPR, and other data protection laws. Experience conducting internal/external audits, gap assessments, and managing certification/attestation engagements. Understanding of information security principles (CIA) and their application in enterprise environments. Working knowledge of cloud security and common platforms (Azure, AWS, GCP). Exposure to security operations and GRC tools. Strong documentation and reporting skills; ability to present findings effectively to senior stakeholders. Competencies Analysis Skills Independence Customer Focus Communications- Oral & written Persuasion Adaptability to Change

The HiLabs Story HiLabs is a leading provider of AI-powered solutions to clean dirty data, unlocking its hidden potential for healthcare transformation. HiLabs is committed to transforming the healthcare industry through innovation, collaboration, and a relentless focus on improving patient outcomes. HiLabs Team Multidisciplinary industry leaders Healthcare domain experts AI/ML and data science experts Professionals hailing from the worlds best universities, business schools, and engineering institutes including Harvard, Yale, Carnegie Mellon, Duke, Georgia Tech, Indian Institute of Management (IIM), and Indian Institute of Technology (IIT). Job Title : Cloud Security Lead Job Location : Bangalore, Karnataka / Pune Maharashtra - India Job summary: We are a leading Software as a Service (SaaS) company that specializes in the transformation of data in the US healthcare industry through cutting-edge Artificial Intelligence (AI) solutions. We are looking for a Cloud Security Lead to take ownership of our cloud security posture as we scale our healthcare SaaS platform. The ideal candidate is hands-on, has strong experience with ethical hacking and penetration testing, and is passionate about building secure, compliant, and highly available systems in the cloud. In this role, you will work closely with engineering, DevOps, and compliance teams to ensure that patient data and healthcare workflows are protected in line with HIPAA, SOC 2, and other healthcare-specific regulations Responsibilities Design, implement, and continuously improve the cloud security architecture for our SaaS platform hosted on AWS/Azure/GCP. Conduct ethical hacking, red teaming, and penetration tests to proactively identify vulnerabilities. Integrate Dev-Ops best practices into the software development lifecycle and infrastructure provisioning. Define and enforce IAM policies, encryption standards, VPC and firewall configurations, and secure network design. Drive incident response and disaster recovery planning for cloud environments. Collaborate with compliance teams to ensure ongoing HITRUST, HIPAA, SOC 2, and ISO 27001 readiness. Lead threat modelling sessions and educate teams on secure coding and deployment practices. Stay current on industry threats and tools and recommend improvements to our security stack. Desired Profile Bachelor's or Master’s degree in Computer Science, Information Security, or related field. Preference for candidates from Tier 1 institutions in India (IITs, NITs, BITS Pilani, IIITs) 6+ years of experience in cloud security, infrastructure security, or cybersecurity roles. Deep hands-on experience with AWS, Azure, or GCP security services. Strong background in ethical hacking, penetration testing, and red teaming. Proficiency in tools like Burp Suite, Metasploit, Nmap, Wireshark, Nessus, and Kali Linux. Experience with DevSecOps tools and concepts (e.g., Terraform, Ansible, CI/CD security integration). Strong understanding of container security (Docker, Kubernetes). Experience securing multi-tenant SaaS platforms, especially in healthcare or regulated environments. Knowledge of compliance frameworks like HIPAA, SOC 2, and ISO 27001. Excellent communication skills and a collaborative mindset Preferred Certifications OSCP, CEH, AWS Security Specialty, CISSP, or relevant security certifications HiLabs is an equal opportunity employer (EOE). No job applicant or employee shall receive less favorable treatment or be disadvantaged because of their gender, marital or family status, color, race, ethnic origin, religion, disability, or age; nor be subject to less favorable treatment or be disadvantaged on any other basis prohibited by applicable law. HiLabs is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce to support individual growth and superior business results. Thank you for reviewing this opportunity with HiLabs! If this position appears to be a good fit for your skillset, we welcome your application. HiLabs Total Rewards Competitive Salary, Accelerated Incentive Policies, H1B sponsorship, Comprehensive benefits package that includes ESOPs, financial contribution for your ongoing professional and personal development, medical coverage for you and your loved ones, 401k, PTOs & a collaborative working environment, Smart mentorship, and highly qualified multidisciplinary, incredibly talented professionals from highly renowned and accredited medical schools, business schools, and engineering institutes. CCPA disclosure notice - https://www.hilabs.com/privacy

NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Information Security Senior Specialist to join our team in banglore, Karn?taka (IN-KA), India (IN). Job Description: The primary function of this role is to conduct activities to support compliance with security, customer, and regulatory requirements. The candidate will also have the opportunity to contribute to other areas within the Security Risk Management and Compliance arena such as Policy Management, Third-Party Risk Management, Security Awareness Training, and various other initiatives. Primary responsibilities include: Respond to customer inquiries for information regarding Enlyte's security controls and completion of security assessments/questionnaires. Conduct access and entitlement reviews for users of internal systems. Perform weekly compliance review for security training assignments and send reminder notifications for out-of-compliance users. Obtain internal documentation and information in support of security compliance audits. Secondary Responsibilities: Maintain the Security team GRC system including building of assessments, reporting, and monitoring dashboards. Create How-to Guides and departmental operating procedure documentation. Update internal policy sites and policy documents as needed. Preferred Qualifications: Experience: Proficiency in Microsoft Word, Excel, & PowerPoint. Proficient grammar, sentence structure, and advanced report writing and technical writing skills. Desired: Knowledge of security/privacy standards and regulatory requirements such as ISO 27001, SOC 1, SOC 2, PCI, HIPAA, HITRUST, etc. Technical Skills & Experience: Experience using Microsoft Azure, O365, and GRC tools is a plus. Licenses or Certifications: CISA, CISSP, CRISC, ISO 27001 Lead Auditor certification is a plus. About NTT DATA NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client's needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, . NTT DATA endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at . This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click . If you'd like more information on your EEO rights under the law, please click . For Pay Transparency information, please click.

Key Responsibilities Solid experience in AWS IaaS deployment Pipelines, IAM, VPCs, Security Groups, VPN, microservices, CloudTrail, etc. Knowledge of Amazon Web Services such as EC2, S3, SQS, Route53, Amplify, DynamoDB, Neptune. Experience in developing or administering the security of AWS cloud environments. Experience in cross-account deployment of resources using Pipelines, CodeCommit, CodeBuild. Practical knowledge of several security practices in SDLC and supporting IT security tools. Improve existing monitoring to provide end-to-end observability of our platform. Scale our platform and processes to continue serving our growing customer base Define and implement disaster recovery processes Automation scripting skills - Python or equivalent Build & support Site Reliability function & participate in building tools to report system KPIs Deliver tasks based on project objectives; technically support projects through to completion Must be able to work independently or with a team, under minimum supervision Articulate verbal and written communication Eagerness to share knowledge across engineering teams Has worked in a fast paced, dynamic environment Qualifications Bachelors or Master’s degree in Computer Science, a related field, or equivalent work experience Minimum of 4+ years of experience Prior experience working in an SRE/DevOps/Cloud Engineering role on a cross-functional agile team Experience working with industry standards or programs such as SOC2, ISO, HITRUST is a plus AWS Certification, CISSP, Security+ is a plus Ability to improve automation through the CI/CD pipeline through analysis of the current process using tools Experience developing deployment strategies for SaaS applications Additional Information At Privaini Software India Private Limited, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. onsibilities Preferred candidate profile Perks and benefits

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Data Loss Prevention (DLP) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous monitoring and improvement of security protocols to safeguard sensitive information and maintain compliance with industry standards. Roles & Responsibilities:- Expected to be an SME in DLP and Data masking solution implementation and support.- Collaborate and manage the team to perform.- Demonstrates excellent problem-solving skills and the ability to collaborate effectively with diverse stakeholders- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to ensure compliance with industry standards. Professional & Technical Skills: - Must Have Skills: Proficiency in Proofpoint and Microsoft Purview Data Loss Prevention (DLP) tools, Varonis Data Discovery and Data masking.- Creation of DLP detection and prevention policies- DLP agents compliance and incident monitoring- DLP agent upgradation- Design and implementation of Data masking solution across enterprise-wide applications- Perform Sensitive Data Discovery and analysis across enterprise data repositories- Create Technical documentation and installation/administration manuals- Strong understanding of risk management and mitigation strategies.- Experience with security frameworks and compliance standards such as ISO 27001, NIST, or GDPR, HIPAA, HiTrust- Familiarity with incident response and threat intelligence processes.- Knowledge of network security protocols and technologies. Additional Information:- The candidate should have minimum 8 years of experience in Data Loss Prevention (DLP) and Data Discovery- Good to have experience in Health care industry - Certifications on Proofpoint, Varonis is preferred.- This position is based in Coimbatore.- Willing to work in US shifts including support in late IST hours. Willing to work in office adhering to current HR policies.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Data Loss Prevention (DLP) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous monitoring and improvement of security protocols to safeguard sensitive information and maintain compliance with industry standards. Roles & Responsibilities:- Expected to be an SME in DLP and Data masking solution implementation and support.- Collaborate and manage the team to perform.- Demonstrates excellent problem-solving skills and the ability to collaborate effectively with diverse stakeholders- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to ensure compliance with industry standards. Professional & Technical Skills: - Must Have Skills: Proficiency in Proofpoint and Microsoft Purview Data Loss Prevention (DLP) tools, Varonis Data Discovery and Data masking.- Creation of DLP detection and prevention policies- DLP agents compliance and incident monitoring- DLP agent upgradation- Design and implementation of Data masking solution across enterprise-wide applications- Perform Sensitive Data Discovery and analysis across enterprise data repositories- Create Technical documentation and installation/administration manuals- Strong understanding of risk management and mitigation strategies.- Experience with security frameworks and compliance standards such as ISO 27001, NIST, or GDPR, HIPAA, HiTrust- Familiarity with incident response and threat intelligence processes.- Knowledge of network security protocols and technologies. Additional Information:- The candidate should have minimum 8 years of experience in Data Loss Prevention (DLP) and Data Discovery- Good to have experience in Health care industry - Certifications on Proofpoint, Varonis is preferred.- This position is based in Coimbatore.- Willing to work in US shifts including support in late IST hours. Willing to work in office adhering to current HR policies.- A 15 years full time education is required. Qualification 15 years full time education

Hi, Find below the detailed Job Description for Information Security Specialist Position. Position Overview : This position is responsible for overseeing and implementing security measures to protect the organization's data and infrastructure. This role involves developing security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Key Responsibilities : Security Strategy : Develop and implement security strategies tailored to the segment to ensure the protection of data and infrastructure. Risk Management : Identify, assess, and mitigate security risks associated. Incident Response : Lead incident response efforts for security breaches within the segment, including investigation, containment, and remediation. Compliance : Ensure compliance with relevant regulations and standards. Collaboration : Work closely with other IT teams and segment leaders to integrate security measures into services and applications. Training and Awareness : Support security training and awareness programs for employees within the segment to promote a security-conscious culture. Policy Development : Develop and enforce security policies and procedures. Audit and Assessment : Facilitate information security (e.g. ISO 27001, NIST) and regulatory audits, as well as security assurance activities that verify the effectiveness of implemented security controls. Business Partnership : Foster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored security solutions. Qualifications : Proven experience in developing and implementing security strategies. Strong knowledge of risk management and security architecture. Experience in leading incident response efforts. Knowledge of compliance regulations US & India (such as HIPAA & IT Act) and experience with security monitoring tools. Excellent collaboration and communication skills. Ability to conduct training and develop security policies. Experience in conducting security audits and assessments. Demonstrated ability to build and maintain relationships with business leaders and stakeholders. Should understand all aspects of Security environment, TLS Versions Understands Data Data at rest, data in motion, Compliance, Data Relevance Should be able to assess and share the Vulnerability to Business System Security Plan (SSP) Understands Encryptions Good understanding of Security Standards Interested candidates can send their updated resume to ashraffshaik.mohammad@optum.com Regards Team HR

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Perform IT Assessment Reviews which includes IT General Controls, Internal Audits, Controls Testing, Compliance Reviews (such as ISO 27001, HIPAA, HITRUST etc.) Responsibilities: · Strong understanding of IT General Controls domains such as Change Management, User Access Management, IT Operations, Back and Recovery Management etc · Strong understanding of the third-party risk management · Implementation and assessment knowledge of various industry standards, frameworks, and compliances such as ISO 27001, HIPAA, HITRUST, ISO 22301, ISO 27701 etc · Understanding of the IT Risk Assessment methodologies and ability to comprehend and apply the knowledge during IT assessment lifecycle · Interview client stakeholders and conducts walkthrough meetings and develop assessment artifacts · Should understand complete assessment lifecycle from assessment scoping to project deliverables · Great communication skills and the ability to break down and explain complex data security problems · Excellent presentation skills and ability to effectively communicate proposals and point of view at senior management levels Education: · Minimum Qualification: BE/ BTech/MBA/Mtech/MCA · Postgraduates in any stream would be preferred (not mandatory) · Prior Big 4 experience would be an added advantage · Experience in IT Risk Advisory/ Assurance for varied industry segments preferred · Excellent communication skills - both written and oral Certifications: · CIA/CISA/CISM will be added advantage Mandatory skill sets: ITGC Reviews, IT Internal Audits, Controls Testing, Compliance Reviews, ISO 27001 Reviews, HIPAA/ HITRUST Reviews Preferred skill sets: ISO 27001 Reviews, HIPAA/ HITRUST Reviews Years of experience required: 2-8 years Education qualification: BE, B.tech, ME, M.tech, MCA, MBA, Mcom, CA, CS Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master Degree, Bachelor of Engineering, Bachelor of Technology, Master of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Information Technology General Controls (ITGC) Optional Skills Accepting Feedback, Accepting Feedback, Accounting and Financial Reporting Standards, Active Listening, Analytical Thinking, Artificial Intelligence (AI) Platform, Auditing, Auditing Methodologies, Business Process Improvement, Communication, Compliance Auditing, Corporate Governance, Creativity, Data Analysis and Interpretation, Data Ingestion, Data Modeling, Data Quality, Data Security, Data Transformation, Data Visualization, Embracing Change, Emotional Regulation, Empathy, Financial Accounting, Financial Audit {+ 24 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Available for Work Visa Sponsorship? Government Clearance Required? Job Posting End Date

Sr Cyber Governance Analyst Job Summary: Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries. Responsibilities: Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR). Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood. Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts. Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity. Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success. Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables. Continuously look to optimize processes, technology and capabilities through tactical and strategic development. Other duties as assigned. Knowledge and Skills: Strong analytical skills; Demonstration of ability to solve problems using best practices and systematic approach Relationship builder; able to create and maintain a trusted network on all levels; Good communication, influencing and negotiating skills; Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff; Project management and organizational skills; Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor. Required Experience: 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks. Preferred Experience: Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment. Understanding of attack vectors and methodologies. Ability to weigh business risks and enforce appropriate information security measures. CISSP, CISM, CISA, CCSA or equivalent certification preferred. Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate. GHX: It's the way you do business in healthcare Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes. GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions. It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe. Disclaimer Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement. GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated. Read our GHX Privacy Policy